The Swiss Security Blog

AMaDa Discontinued, Palevo Tracker With A New Home

As announced on Twitter last month, abuse.ch Malware Database (AMaDa) was discontinued on 2012-03-17.

Since my announcement on Twitter to discontinue AMaDa, I have received several dozen emails from IT security representatives of ISPs, national CERTs as well as governmental and non-governmental organisations that were using AMaDa’s blocklist to identify compromised computers within their networks. I have to say that I was quite amazed at how many people used AMaDa’s blocklist. However, I’m unable to answer all these emails due to lack of time, hence I decided to publish a short statement on my blog.

AMaDa was launched in 2010. Since then, it has analysed 169’545 URLs serving malware and 160’183 malicious binaries, and identified 1’685 malware botnet controllers associated with all kinds of Trojans (like Mebroot, TLD/TDSS, Carberp, BlackEnergy, Ramnit and many more).

In February 2011, I started Palevo Tracker as a sub-project of AMaDa. Palevo Tracker’s blocklist was served together with the AMaDa IP and Domain blocklist.

Running and maintaining the tracking infrastructure (ZeuS-, SpyEye- and Palevo Tracker) is very time intensive, also because it creates a lot of “background noise” (sometimes I think I need a secretary to handle all emails and requests). Hence I was prevented from blogging as much as I would have liked to last year. Unfortunately, every day only has 24 hours, and due to personal circumstances as well as my focus on other (non-public) projects I’m no longer able to provide AMaDa’s data / information with good enough quality. I always serve data and information on a “best effort” basis, and as I’m no longer able to commit to that for AMaDa, I’ve decided to discontinue the project (please keep in mind that all these projects are done in my spare time).

I’m aware that this is bad news for many of you, but fortunately I also have some good news. This weekend I moved Palevo Tracker onto a new infrastructure. I decided to keep Palevo Tracker running as a “new” project. Since AMaDa is gone, Palevo Tracker has found a new home on its own subdomain:

If you are using one of AMaDa’s blocklists, please ensure that you stop querying them, as they are no longer available. If you want to keep identifying Palevo botnet C&Cs, please switch to one of the blocklists available on Palevo Tracker’s Blocklist page.